Projects with a very large number of forks (100 or more) are either public open-source projects, which warrant a separate review, or have lost control of their fork governance. The threshold matches the GL_POLICY_VAR_PROJECT_FORKS_COUNT_MAX library variable; use exemptions for legitimately popular OSS projects. The rule's if block expresses the healthy state with the lessThan operator on a bounded numeric field: a healthy private project typically has a fork count of 0 or in the single digits, so it satisfies the condition, while a project at or above the threshold falls outside it and is audited, with no false positives on healthy private projects. Note the boundary: exactly 100 forks is not lessThan 100, so it is flagged. Confirm this reading against your engine version before relying on it, because an engine that applies the then effect when the if condition is true, rather than when it fails, would audit the healthy projects instead.
1. If the project is a popular OSS project, create a PolicyExemption with reason 'Public OSS project; fork count expected'.
2. Otherwise, audit the forks list (project Forks page) and, if appropriate, disable forking via Settings > General > Visibility > Disable forking. Disabling forking blocks new forks but does not remove existing ones, so the fork count, and this finding, persist until the unwanted forks are deleted by their owners or an exemption is recorded.
{
  "target": "GLProject",
  "if": {
    "allOf": [
      {
        "resource": "GLProject",
        "property": "ForksCount",
        "operator": "lessThan",
        "value": 100
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
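To see how the rule behaves on concrete data, the following is an added example (not DevOps Shield's or GitLab's own code) that evaluates the rule above against a few constructed project records shaped like GitLab's GET /api/v4/projects response, applies exemptions, and emits the API form of the disable-forking remediation. It assumes the engine semantics described above (the if block describes the compliant state, so records that fail it receive the then effect); the GLProject field names, the exemption record shape and the lessThan implementation are assumptions for illustration, while forks_count and forking_access_level are real GitLab Projects API fields.

```python
import json

# The rule from this page, embedded verbatim so the example runs offline.
POLICY_JSON = """
{
  "target": "GLProject",
  "if": { "allOf": [ { "resource": "GLProject", "property": "ForksCount",
                       "operator": "lessThan", "value": 100 } ] },
  "then": { "effect": "Audit" }
}
"""

# Constructed sample records in the shape of GitLab's GET /api/v4/projects
# response (only the fields this example needs). Project 5 deliberately
# lacks forks_count to exercise the missing-field path.
SAMPLE_GITLAB_PROJECTS = [
    {"id": 1, "path_with_namespace": "team/internal-service", "forks_count": 0},
    {"id": 2, "path_with_namespace": "team/shared-lib", "forks_count": 3},
    {"id": 3, "path_with_namespace": "oss/popular-tool", "forks_count": 450},
    {"id": 4, "path_with_namespace": "team/leaked-template", "forks_count": 100},
    {"id": 5, "path_with_namespace": "team/no-field"},
]

# Constructed PolicyExemption records (assumed shape): project id -> reason.
SAMPLE_EXEMPTIONS = {3: "Public OSS project; fork count expected"}

# Only the operator the page uses is implemented; an unknown operator name
# raises KeyError rather than silently passing a project.
OPERATORS = {
    "lessThan": lambda actual, expected: actual < expected,
}


def to_gl_project(api_project):
    """Map a GitLab API record onto the GLProject properties the rule references
    (assumed mapping: GitLab forks_count -> GLProject.ForksCount)."""
    resource = {"Id": api_project["id"], "Path": api_project["path_with_namespace"]}
    if "forks_count" in api_project:
        resource["ForksCount"] = api_project["forks_count"]
    return resource


def condition_holds(cond, resource):
    """True when the resource satisfies one leaf condition of the rule."""
    if cond["property"] not in resource:
        return False  # an absent field cannot prove the healthy state: fail closed
    return OPERATORS[cond["operator"]](resource[cond["property"]], cond["value"])


def rule_holds(rule_if, resource):
    """Evaluate the if block; allOf requires every nested condition to hold."""
    if "allOf" in rule_if:
        return all(condition_holds(c, resource) for c in rule_if["allOf"])
    return condition_holds(rule_if, resource)


def evaluate(policy, api_projects, exemptions):
    """Return {project id: outcome}; outcome is 'Exempt', 'Compliant',
    or the rule's then.effect when the if block does not hold."""
    outcomes = {}
    for api_project in api_projects:
        resource = to_gl_project(api_project)
        if resource["Id"] in exemptions:
            outcomes[resource["Id"]] = "Exempt"
        elif rule_holds(policy["if"], resource):
            outcomes[resource["Id"]] = "Compliant"
        else:
            outcomes[resource["Id"]] = policy["then"]["effect"]
    return outcomes


def remediation_payloads(outcomes):
    """PUT /api/v4/projects/:id bodies for audited projects: the API form of
    Settings > General > Visibility > Disable forking. Existing forks remain."""
    return {pid: {"forking_access_level": "disabled"}
            for pid, outcome in outcomes.items() if outcome == "Audit"}


def run_example():
    policy = json.loads(POLICY_JSON)
    return evaluate(policy, SAMPLE_GITLAB_PROJECTS, SAMPLE_EXEMPTIONS)


if __name__ == "__main__":
    outcomes = run_example()
    for pid, outcome in outcomes.items():
        print(pid, outcome)
    print(remediation_payloads(outcomes))
```

Projects 1 and 2 satisfy the if block and are compliant, project 3 is exempt, project 4 sits exactly on the boundary (100 is not lessThan 100) and is audited, and project 5 is audited because a record with no fork count cannot demonstrate the healthy state. Against a live instance you would fetch the records with the Projects API, review the project Forks page for each audited result, and only then send the remediation payload for the projects you decide to lock down.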
Copyright © DevOps Shield. All Rights Reserved. Privacy Policy | Cookie Policy | Terms and Conditions | v1.0.2